SPLK-5001無料問題集「Splunk Certified Cybersecurity Defense Analyst」

質問 1

The field file_acl contains access controls associated with files affected by an event. In which data model would an analyst find this field?

（A）Alerts

（B）Malware

（C）Endpoint

（D）Vulnerabilities

正解：C 解答を投票する

質問 2

An analyst would like to test how certain Splunk SPL commands work against a small set of dat a. What command should start the search pipeline if they wanted to create their own data instead of utilizing data contained within Splunk?

（A）eval

（B）stats

（C）rename

（D）makeresults

正解：D 解答を投票する

質問 3

What is the main difference between a DDoS and a DoS attack?

（A）A DDoS attack uses a single source to target a single system, while a DoS attack uses multiple sources to target multiple systems.

（B）A DDoS attack uses multiple sources to target a single system, while a DoS attack uses a single source to target a single or multiple systems.

（C）A DDoS attack is a type of physical attack, while a DoS attack is a type of cyberattack.

（D）A DDoS attack uses a single source to target multiple systems, while a DoS attack uses multiple sources to target a single system.

正解：B 解答を投票する

質問 4

During their shift, an analyst receives an alert about an executable being run from C:\Windows\Temp. Why should this be investigated further?

（A）Temp directories aren't owned by any particular user, making it difficult to track the process owner when files are executed.

（B）Temp directories are flagged as non-executable, meaning that no files stored within can be executed, and this executable was run from that directory.

（C）Temp directories contain the system page file and the virtual memory file, meaning the attacker can use their malware to read the in memory values of running programs.

（D）Temp directories are world writable thus allowing attackers a place to drop, stage, and execute malware on a system without needing to worry about file permissions.

正解：D 解答を投票する

質問 5

A threat hunter executed a hunt based on the following hypothesis:
As an actor, I want to plant rundll32 for proxy execution of malicious code and leverage Cobalt Strike for Command and Control.
Relevant logs and artifacts such as Sysmon, netflow, IDS alerts, and EDR logs were searched, and the hunter is confident in the conclusion that Cobalt Strike is not present in the company's environment.
Which of the following best describes the outcome of this threat hunt?

（A）The threat hunt failed because the hypothesis was not proven.

（B）The threat hunt was successful because the hypothesis was not proven.

（C）The threat hunt failed because no malicious activity was identified.

（D）The threat hunt was successful in providing strong evidence that the tactic and tool is not present in the environment.

正解：D 解答を投票する

質問 6

Which of the following data sources can be used to discover unusual communication within an organization's network?

（A）Net Flow

（B）IAM

（C）EDS

（D）Email

正解：A 解答を投票する

質問 7

An analyst is investigating a network alert for suspected lateral movement from one Windows host to another Windows host. According to Splunk CIM documentation, the IP address of the host from which the attacker is moving would be in which field?

（A）dest

（B）host

（C）src_ip

（D）src_nt_host

正解：C 解答を投票する

SPLK-5001 無料問題集「Splunk Certified Cybersecurity Defense Analyst」

弊社を連絡する

関連リンク

トップ試験